More responsibility is being placed on directors to protect their companies against ever-increasing security risks, especially considering the changing laws and governance procedures. Fraud is the downfall of many businesses today, but it can be prevented with effective corporate governance policies and tools.
Although there is a huge responsibility on company directors to ensure that governance, risk and compliance policies are implemented, most companies do not have clarity on who manages this critical area of the business.
J2 Software managing director John Mc Loughlin says company directors are forced through these new laws and good governance practices to make sure they have preventative, quantitative and corrective steps in place to protect their organisation from risk. “Non-compliance can have dire effects which include directors being held personally liable or jailed,” he says.
He stresses that governance, risk and compliance should be a real priority for company directors, especially considering the liability they face. “With changing laws and governance procedures, more duty is placed on directors to protect against ICT governance and security risks.”
Directors of companies have a duty to protect their information and also the personal information of their customers. Without clear direction and accountability, these companies can be left exposed to a number of risks. There is no space for any ambiguities: the drive needs to come directly from the highest executive level. In many cases, there is simply not enough done to protect against all possible eventualities.
Pointing to internal threats, Mc Loughlin says companies need to actively track, monitor and control what users do with the resources of the organisation. “You also need to ensure that your rules and permissions are simply and proactively enforced. So you have to be able to define and then enforce what files, folders and applications the users can access and use.”
“Finally, one needs to control the other areas of risk. These refer specifically to high risk points which are responsible for data loss and will include external, unsecured Internet-based email systems which allow for easy data loss and time wasting. USB devices which can be used for data theft are also a big threat of virus infections, along with SD cards and CD/DVD devices,” he adds.
These devices may need to be used in specific instances, but their use must be controlled and monitored. Companies need to set appropriate policies for these devices, which could mean allowing users to read from the devices but not copy any information to them or run applications from them. This will ensure that one is covered against internal abuse as well as external loss.
Mc Loughlin says many IT administrators and business managers do not have the tools to know what users are doing on the organisation’s computers and on the network. “Very little consideration has been given to providing solid management systems to ensure that the investment in technology delivers maximum benefit. In essence, in these tough times it is extremely important that executives take corrective steps and ensure there are preventative measures in place for this.”
“With users being able to access the Internet, send and receive email and browse the local network, often in an unstructured manner, it is more important than ever that employees are monitored and kept productive. It is essential that access to information is managed and users are accountable for their actions,” he concludes.